43165aeba93e9e68c04630aa5421f79fd203fa64e1195a2458556b20b467082d

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308581c0e4ae4f0923a8e5c40f3d686f_JaffaCakes118.html
Size

182KB
MD5

308581c0e4ae4f0923a8e5c40f3d686f
SHA1

bc6465c304248c3e0ae61300ef8e2a964fcb1c43
SHA256

43165aeba93e9e68c04630aa5421f79fd203fa64e1195a2458556b20b467082d
SHA512

06e850b81358ddf0465d9696cb0da5439b5cc42182cc6a8500120af04fc495c0006e594aec92152403558e1c5c810ea1e4105b141c191bd40e84a0049a416aea
SSDEEP

3072:++cITclgtyOSFjL2tuPtu1Da7P7atJtuxOH+IDC7jdR0lod4h+DOc2MzEltKKyVl:++ZTcX+kPk6xfL7jdRPKyPNrN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
2312	msedge.exe
2312	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 3144	2312	msedge.exe	83
PID 2312 wrote to memory of 3144	2312	msedge.exe	83
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1528	2312	msedge.exe	85
PID 2312 wrote to memory of 1252	2312	msedge.exe	86
PID 2312 wrote to memory of 1252	2312	msedge.exe	86
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87
PID 2312 wrote to memory of 2668	2312	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\308581c0e4ae4f0923a8e5c40f3d686f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6604545953735595935,8583106636985731907,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
32KB

MD5
4b8bdccb091e9975d1e6ccb365f4f7e0

SHA1
32a804789d0bd3130e4b847f679d6696041c607f

SHA256
d874790a56f3189368e5c59ac4fa890eb5db3f3c2d67cdb437b79e2f19074461

SHA512
758a6732e18fb0cc405f72166062df908a74cb64cc3dccc17ca126161adde6a02b3baac52150c3f7a9bbb7ffd4a29612e87f09849c224744fa2a5a0a48f6712e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
15365b0db591495289f83852dbd2476f

SHA1
c5f6d6a680783c64719385aba7d1fd8d3d0caec0

SHA256
93674142a97bca968815a96d97222a59248869de2f0cb020c57d9ecc1da93900

SHA512
fe87cab709c6ad82691c4656f38d5f46f446d7ac9655165fcb2cc33d1f115bcf49f07cbed423a011a48c835aec86c38b16a55f9e291e6da722c7f0a1f448f88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
499d7c2c1534df16d9be1743bc1d1bb5

SHA1
fb4d29f0d2065649b24bf505db44b38e7d6c25be

SHA256
53cb28bb40a75bbfcd2c7431b5e10c7e3c634ccd190b6a6d11ab2b9ece051c97

SHA512
660513134157fc1f12222a85ec45d6a1ce161b839cd16ff22b9fb64961af8e449f5338dea2f292d23489aca5d7cdea54705d79186ee92c2de22eb7fdac0e975e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ea4af1490c27de1ce8e8d7ec2f1615fe

SHA1
ec0524d6a4d05a5e50e348becb96b410f276ca46

SHA256
209e94a08da84b1039facf85dde646c6390896edfb0705f0b45f4b341a489f38

SHA512
0ec466302468b4071f02a47a5fe23386ebddbab298134776b5c2a07fb62cb50b452cbfc4477d5ab6becd6968cd849a1b32d798d20a4347d4e0d74345dc0fa693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e16daf2376ece61116b57c40f139b6e

SHA1
7863405abe340ac655da574c7c801eeb03834fd9

SHA256
3677d1591e55197e61fc3ecae60f2e86c90bdc30fcda402e627e97761c2f4b66

SHA512
6741129b0232266128f24f25069a8f6865ce9eeef2e9b5fec9798f601df49e034f1ff258b5ab9be9abcb6de58225699eb2ceca509c327af564a8dc205cb7fc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
99fec16c4616f3d721cdb1149022b14f

SHA1
bebfe1d950b665f6e55a10027bf4c79f763ed3d2

SHA256
44fd87bdb2cf3c563cbfda0877c0cf990dda8908903f364452007a7c444d066e

SHA512
79d558f966515de12816fb0c8004740eeb2c0e72e50d0fabc7302ae39cec3645bd8ea866b06d8ffc273fc68404e65affe375c1e4e2aa4c0479391b9d79bc5001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76ab4c1d12eddfb17368358dbc6847cc

SHA1
3cb98600fbfc0886637131483e160f1f93ca11e7

SHA256
2cd5c917a3b6dfb390b8ad391e9b6dd1005c7051a8066ef8c4446e325256f295

SHA512
c8981d04a7fc1e467909ad328d33b7024de4ce35b4c9cdb1e2395cb92c30503633bc7cddf5edc6ff058695dbcb45820b9dd96dfd9f3b7f5e960862a81a5b0442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cecd71ec2ec7c5d3eb1df9ab485040f

SHA1
53c37a541e318ddb8dc09b6cae0f70c87453b58c

SHA256
ad80e9e13ad00ff7eb7b9b2ffaa7daa30b645679d2aa52e8ac0b14b31e350585

SHA512
6630818fc9e12a76888ef9843491221d59c0db734d513ff1a032616c50e15d7d88c9e2f967d4b49d7bcc4059b33b145840aa44241db52d1fa296b2c19abe3134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cfa544600f0a27b86fc6fa9b59d9354c

SHA1
d3361459d5d5b8be3156c49a5ac349b29eb84d02

SHA256
7ac6d49a5cf738d45a1fbba478dc1efb8ff68270495a92c7dd3751dcec559a59

SHA512
5f5a03c819b1d277b39295461cc5b10e8edbeede3cc2b8164c0fecdb91a1e711566b2334ce92c588d11b75d6c4913c03e3f50759a00bcdcc855ef6f60479ce3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585b4a.TMP

Filesize
370B

MD5
eea04840d5f4a08c93a78405585056be

SHA1
c131c1dfbde0d34799190b78162e50e19424b487

SHA256
a5a07c24175f2c4b6796f0160c4d7b40b19f1f781b5ab6e45a4324185ee950a4

SHA512
fd128f2350a857d2c32382de6b1b3a6adec14e71f0dec36009c2d3ef1e847492cda4a391aebf198a5ea46a21b3e4e514f2fa52ce65f7400d74a99bcc0d55957c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95bb138b2d536afd25d27bcd0e7f76f4

SHA1
26896c65532e4becf21536c7d32b856b32c9a0a6

SHA256
7a8493723ca6c1395d464764f6df2933701d00f68add2fe83c04d116d2608106

SHA512
2b818c6537e343361201dd92b67707e1858ef27865930270f7d9bffe4d0d0bf4530758b9c2d5a6e292762fa6339c1831f7584bbe25c2b079d01fc3c370130b7c

Download Submit